Modern enterprises are adopting APIs at a pace that exceeds all predictions. With more businesses investing in microservices and consuming cloud APIs, you need to secure far more than a handful of well-known APIs: a growing number of internal and external endpoints must be protected. Security is a broad area, and authentication and authorization are key elements of API security. Vendors implement a number of seemingly similar standards and patterns, making it very difficult for consumers to settle on the best option for securing APIs; the sheer number of options can be confusing. At the same time, technology stacks and industry practices are undergoing rapid transformation: browsers are enforcing new restrictions, new privacy regulations are in place, and more. As a result, the authentication and authorization best practices you relied on a few years ago may be obsolete today.

In these slides we will discuss:

- What is new and what is old in OAuth 2.0
- Mitigating security exploits by understanding the OAuth 2.0 threat landscape
- Picking security standards and protocols to match business needs
- Federated identities to extend business APIs beyond the corporate firewall
- Strong user authentication and authorization for API access
- Adaptive and risk-based access control for APIs